ons 2007-05-23 klockan 16:00 -0500 skrev K K: > Another option is to route SSL through a commercial product which does > true SSL/TLS "interception", terminating the crypto in the analysis > box and then re-establishing a new SSL session to the Internet. This > has *huge* implications for privacy, HIPAA, etc. Or hire a developer to add this to Squid. Not much missing to be honest. > I've spoken with Bluecoat, Radware, Checkpoint, and others about > products in this space, but the whole idea gives me the willies. Privacy is a luxury. In some environments it's not something you are allowed to have and in such environments these decrypting proxies makes sense. Have seen a number of large corporations where their security policy do not allow encrypted communication between the internal LAN and Internet, absolutely requiring the ability to inspect the traffic. Naturally these also have enforced policies defining how Internet may be used at the office, only allowing it to be used as part of the work and not for private purposes. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
